I have a Symfony application with two areas, one for clients accessing a web page, the other for API calls from AJAX and web services.
Each of these areas is independently protected by the firewall. The WEB interface is authenticated using the log form and API with http_basic .
Both firewalls work fine, but when the WEB interface makes an AJAX call with the API, the browser asks the user to log in again, even when he has already registered (via the form). I want to avoid that. I would like both firewalls to be authenticated at the same time to prevent this invitation.
I saw another question with exactly the same problem. But they use http_basic authentication on both firewalls, so the proposed solution does not work in my case:
Authenticate multiple Symfony2 firewalls with a single login form
My security.yml
#.... firewalls: api: pattern: ^/API context: primary_auth stateless: true http_basic: realm: "API: Please log in" web: pattern: ^/ context: primary_auth form_login: check_path: /login_check login_path: /login provider: fos_userbundle logout: path: /logout target: / anonymous: ~
source share